Sr. security engineer

Posted: March 9, 2023, 8:20 a.m. - Full Time - Gurgaon

About Syfe

Syfe is a digital investment platform with a mission to empower people to grow their money confidently and choose the future they want to live in. Built on the pillars of advice, access, and innovation, we cater to the full spectrum of an individual's wealth needs across diversified proprietary portfolios, cash management solutions, and a state-of-the-art brokerage.

The Syfe team combines world-class financial expertise with best-in-class technology talent. Excellence in execution is in our DNA and we offer equity ownership to all employees regardless of seniority and designation.

We are regulated by the financial authorities across Singapore, Hong Kong, and Australia. In Singapore alone, where we are headquartered, over 100,000 investors trust Syfe to grow their wealth.

Since its founding, Syfe has raised the US $52.4 million from world-class investors. The company has won multiple awards including Wealth Management Fintech of the Year by the Asian Banking and Finance Awards 2022, as well as being recognized as one of the Top LinkedIn Startups in Singapore 2022.

Find out more about us at www.syfe.com.

Press links - Bloomberg, Business Times, TechCrunch

Who are we: While we are a diverse set of people, we value the following core traits:

Fast learning: We often require learning new tools and technologies. We believe in adopting them if they are particularly well suited for our problems, instead of limiting ourselves to what we already know. However, we are always short of time and therefore have to learn fast. Versatility: While each one of us has a core skill, we possess at least one secondary skill as well. Apart from allowing the team to be fluid, it also helps us understand how all pieces (frontend, database, network, servers, etc.) fit together. Madness about quality: Put together, individual lines of code should be robust, scalable, high-performance, fault-tolerant, and most importantly, beautiful software. We also stay up-to-date with the latest in the world of software to make ourselves better. Passion: To try out new ideas and iterate on existing product features, and love experimenting with new technology if it's right for the job. Because not only do we ride the cutting edge, we make it happen. Collaboration: We believe that engineering is a continuous process of learning and improvement and that the best way to learn is by getting help from your fellow engineers. Coding is more fun when you do it together and appreciate the feedback. We are seeking a Backend Engineer to develop and own state-of-the-art products that help bring people closer to their financial goals. As we build and scale Syfe over the next few years, our product and engineering team is growing and it is the perfect time to join the team at an early stage and create an impact within and outside the organization.

Responsibilities:

Vulnerability Assessment & Penetration Testing against Web applications, Mobile applications(Android+iOS ), and Infrastructure. Vulnerability management adhering to ISMS policy and regulatory compliance. Document TTP (Techniques,, Tactics and Procedures) used during a security assessment Hands-on experience with SAST, DAST, and open-source vulnerability management tools Coordinate with various technology stakeholders to discuss identified vulnerabilities and assist the engineering team in planning for risk mitigation. Active participation in planning and implementation of new security benchmarks across the organization. Understanding of CI/CD pipeline and associated technologies. Hands-on experience in DevSecOps and security automation. Experience working in collaboration with product managers and software engineering teams to improve security throughout SDLC. Experience conducting application security reviews, API design, code reviews, root cause analysis, and system architecture. Experience working with modern cloud-based microservice architectures or cloud security(AWS) In-depth understanding of AWS security eco-system including IAM, Security Groups, NACL, CloudTrail, VPC flow log, CloudConfig, Encryption, Inspector, System Manager etc. Kubernetes experience, especially Kubernetes security experience, is a huge plus. Good experience in conducting red teaming campaigns and code reviews. Good to have skills (AWS security, EDR, WAF, Security monitoring). Coordinate with the Software Development team and perform source code and architecture reviews to identify vulnerabilities. Strong communication skills and ability to communicate ideas to both technical and non-technical people. Open to working on dynamic requirements along with pre-defined responsibilities within the information security group. Desired Skills :

3-6 years of proven experience in Penetration Testing. Application threat modeling CI/CD & DevSecOps experience Cloud security assessment(AWS) Analytical and problem-solving abilities. The Syfe Advantages:

     1. Annual learning allowance for work-related online courses and books
     2. Allowance for home office setup
     3. Latest M1 Macbook Pro + as required hardware and software
     4. Best of all, our specialty is helping people manage their money. We will help you learn how to manage your own money like a pro